A very important point to keep in mind for those tasked with defending against cyberattacks: attackers frequently reuse old techniques, most often recombining them in new ways or delivering them through a different attack vector.
If hacking were a street race, the brand-new Ferrari revving its engine isn’t always the biggest concern. Sometimes, a reliable, late-model sedan that obeys the speed limit and flies under the radar of the authorities might be even more dangerous.
By Jordan Robertson, June 21, 2012 1:01 PM EDT
The disclosure in The Washington Post that Flame, a powerful piece of malicious software circulating around the Middle East, was developed by the United States and Israel highlights an unexpected reality about the high-stakes world of computer security.
Flame is an espionage weapon that may have been out in the wild for five years or longer. Its ability to escape notice for so long speaks to an uncomfortable truth about the hacking world: The most effective attacks aren’t always shock-and-awe spectacles. Rather, they are slow-moving, deliberate and, most importantly, quiet.
That’s Flame, which embodies all kinds of badness. Once on a computer, it can be programmed to the attackers’ whims. It can turn on a computer’s microphone to record conversations, or snap screenshots when an instant message or e-mail account is opened. It may have infected as many as 1,000 computers, mostly in Iran, according to Russian antivirus firm Kaspersky Lab, and is highly targeted, which means if it wound up on your computer, chances are you made enemies with some very powerful people.
Flame even has a self-destruct mechanism, which underscores its sophistication. It was likely used for surveillance of Iranian computer networks. It may have been a precursor to the Stuxnet computer worm attack that damaged nearly 1,000 centrifuges and was also a product of the U.S. and Israel, according to The New York Times.
One of the more intriguing aspects of Flame’s spread is how stealthy it was. The only reason the public knows about it is Tehran asked international security researchers for help fighting off attacks against its energy sector. That investigation led to the discovery of Flame.
The discovery set off a wave of self-destruct commands, according to security firm Symantec, signaling that the attackers were trying to cover their tracks.
The fact that Flame is now an older piece of technology doesn’t mean it’s outdated. The most effective attacks are often older ones, using proven methods to compromise machines.
As we reported on the Tech Blog in April, a Symantec report showed that hackers’ favorite target in 2011 was a security hole in Microsoft Windows software that was fixed four years ago. That hole was perhaps the best-known security vulnerability in the world, since it allowed the Conficker worm to spread and infect millions of PCs in 2008 and 2009.
And while regular computer users shouldn’t worry much about getting infected with Flame, they do need to worry about another oldie – Zeus, a Trojan program that steals banking passwords. That malware may have appeared in the wild as early as 2007, and variations on it have infected millions of computers, making it one of the world’s most dangerous pieces of malicious code.
Taken together, these examples show that when it comes to pulling off a successful cyber attack, the oldies really can be the goodies.